Sdeleersnyder: New page: NOTOC {|style="width:100%" |style="width:56%;color:#000"| {|style="width:280px;border:solid 0px;background:none" |- |style="width:468px;color:#000" | [[Image:Poland09...

2009-05-07T21:01:32Z

New page: __NOTOC__  {|style="width:100%" |style="width:56%;color:#000"| {|style="width:280px;border:solid 0px;background:none" |- |style="width:468px;color:#000" | [[Image:Poland09...

New page

__NOTOC__


{|style="width:100%"
|style="width:56%;color:#000"|

{|style="width:280px;border:solid 0px;background:none"
|-
|style="width:468px;color:#000" |
[[Image:Poland09.gif]]

Block your agendas for May 11-14 and join us for which promises to be the Biggest European AppSec event of the year !

May 13th–14th 2009, OWASP will hold its annual European Application Security conference in wonderful Kraków, Poland ([http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=krakow+poland&sll=50.047811,19.92965&sspn=0.019704,0.043774&ie=UTF8&ll=50.069922,19.944992&spn=0.30454,0.700378&z=11&iwloc=addr Google Maps Link]). Not only do we have 2 fantastic key notes (Ross Anderson and Bruce Schneier) but we have 3 tracks stuffed with high quality topics and great speakers and one and two day tutorials. This year we organise the conference together with OWASP Poland and [http://2009.confidence.org.pl/lang-pref/en/ Confidence2009], a conference in Kraków on May 15th-16th.
|}

|style="width:100%;font-size:95%;color:#000;background-color:#ececec;border:1px solid #ccc"|
'''Twitter Feed ([http://www.twitter.com/AppSecEU09 follow me!])'''
<twitter>AppSecEU09</twitter>
|style="width:110px;font-size:95%;color:#000"|
|} 

Help us [[OWASP AppSec Europe 2009 - Poland Promotion|PROMOTE]] this event!

'''Be FAST to register: we only accept 400 registrations for this event!'''

'''Registration via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,887f27a2-13e0-47dc-9220-76ed22ab0546 CLICK HERE TO REGISTER]'''

'''If you are registering as a Speaker or Sponsor, use the following link: [http://guest.cvent.com/i.aspx?4W,M3,a99f854a-a4db-4886-8bdf-ecb21cb62036 Speaker-Sponsor Registration]'''

====Tutorial Days May 11-12====
==[[AppSecEU09Tutorials|Tutorial Days]] - May 11th and 12th==

OWASP hosts 1 and 2 day [[AppSecEU09Tutorials|tutorial sessions]] prior to the conference.

2 day tutorials:
* Web Services Security, ''by Dave Wichers, Aspect Security''
* Advanced Testing, ''by Michael Coates, Aspect Security''
1 day tutorials:
* Introduction to ModSecurity, the Apache Security Module, ''by Christian Folini, Netnea (christian.folini 'at' netnea.com) ''
* Web 2.0 Hacking – Attacks & Countermeasures, ''by Shreeraj Shah, Blueinfy''
* Threat Modeling, ''by John Steven, Cigital''
* In-depth Assessment Techniques: Design, Code, and Runtime, ''by Pravir Chandra, Cognosticus''

To see all tutorial and trainer details click [[AppSecEU09Tutorials|HERE]]

Registration is available via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,887f27a2-13e0-47dc-9220-76ed22ab0546 CLICK HERE TO REGISTER]

Venue: Park Inn Hotel, Krakow

Timing: 9h-17h

====Mini-Summit May 11-12====

==Mini-Summit & Working Sessions Schedule: Tuesday 12th ==

'''Free one-day OWASP Tutorial'''

On Monday May 11th 9h-17h, Matt Tesauro (OWASP Live CD Project Lead, Texas Education Agency) will give a free one-day OWASP tutorial "Hands on application security with the OWASP Live CD and the OWASP Testing Guide"
Venue: Park Inn Hotel, Krakow

'''OWASP Mini-Summit'''

On the Tuesday before the Conference there will a 1 day mini-summit where the following important OWASP related topics will be debated:
* 10:00 - 12:00 : Final discussion and presentation of the new OWASP Project and Releases Assessment Criteria V2.0
* 14:00 - 15:00 : Pre-presentation of the new OWASP Season of Code 2009 (& revision of its marketing materials)
* 15:00 - 15:30 : OWASP Financials and additional sources for OWASP grants funds (for example government funding or corporate sources)
* 17:00 - 19:00 - OWASP Projects and Chapters Leaders meeting

Confirmed participants: Dinis Cruz, Sebastien Deleersnyder (OWASP Board), Matt Tesauro (OWASP Global Projects Committee, Paulo Coimbra (remote participant)

====Conference May 13-14 ====
==Conference Agenda - May 13-14==

This year we extended the program to three tracks, with opening keynotes and presentations in the main auditorium, split tracks in the middle of the day, and closing panel discussions back in the main auditorium both days.

{| style="width:80%" border="0" align="center"
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 1 - May 13, 2009
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: Room 1
| style="width:30%; background:#BCA57A" | Track 2: Room 2
| style="width:30%; background:#99FF99" | Track 3: Room 3
|-
| style="width:10%; background:#7B8ABD" | 08:00-08:50 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee
|-
| style="width:10%; background:#7B8ABD" | 08:50-09:00 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Welcome to OWASP AppSec 2009 Conference
''Sebastien Deleersnyder, OWASP Foundation''
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Keynote
''Ross Anderson, Professor in Security Engineering, University of Cambridge''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:30|| colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP State of the Union
''Dinis Cruz & Sebastien Deleersnyder, OWASP Foundation''
|-
| style="width:10%; background:#7B8ABD" | 10:30-10:45 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:45-11:25 || style="width:30%; background:#BC857A" align="left" | OWASP Live CD: An open environment for Web Application Security
''Matt Tesauro, Texas Education Agency''
| style="width:30%; background:#BCA57A" align="left" | Secure Applications for PCI DSS
''Tim Holman, CTO, Blackfoot''
| style="width:30%; background:#99FF99" align="left" | Mirage: building an application model made easy (OWASP Orizon v 1.2)
''Paolo Perego, Spike Reply''
|-
| style="width:10%; background:#7B8ABD" | 11:30-12:10 || style="width:30%; background:#BC857A" align="left" | OWASP Application Security Verification Standard (ASVS) Project
''Dave Wichers, Aspect Security''
| style="width:30%; background:#BCA57A" align="left" | When Security Isn’t Free: The Myth of Open Source Security
''Rob Rachwald, Fortify''
| style="width:30%; background:#99FF99" align="left" | I thought you were my friend Evil Markup, browser issues and other obscurities
''Mario Heiderich, Business-IN''
|-
| style="width:10%; background:#7B8ABD" | 12:10-13:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 13:30-14:10 || style="width:30%; background:#BC857A" align="left" | Threat Modeling
''John Steven, Cigital''
| style="width:30%; background:#BCA57A" align="left" | Web Application Harvesting
''Esteban Ribičić, tbd''
| style="width:30%; background:#99FF99" align="left" | Maturing Beyond Application Security Puberty
''Roger Thornton, Fortify''
|-
| style="width:10%; background:#7B8ABD" | 14:15-14:45 || style="width:30%; background:#BC857A" align="left" | Exploiting Web 2.0 – Next Generation Vulnerabilities
''Shreeraj Shah, Blueinfy''
| style="width:30%; background:#BCA57A" align="left" | Deploying Secure Web Applications with OWASP Resources
''Kuai Hinojosa, New York University''
| style="width:30%; background:#99FF99" align="left" | The Truth about Web Application Firewalls: What the vendors do not want you to know
''Wendel Guglielmetti Henrique, Trustwave & Sandro Gauci, EnableSecurity''
|-
| style="width:10%; background:#7B8ABD" | 14:50-15:30 || style="width:30%; background:#BC857A" align="left" | Advanced SQL injection exploitation to operating system full control
''Bernardo Damele Assumpcao Guimaraes, lead developer of sqlmap''
| style="width:30%; background:#BCA57A" align="left" | Tracking the effectiveness of an SDL program: lessons from the gym
''Cassio Goldschmidt, Symantec Corporation''
| style="width:30%; background:#99FF99" align="left" | -
|-
| style="width:10%; background:#7B8ABD" | 15:30-15:45 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 15:45-16:25 || style="width:30%; background:#BC857A" align="left" | [[SAMM|The Software Assurance Maturity Model (SAMM)]]
''Pravir Chandra, Cognosticus''
| style="width:30%; background:#BCA57A" align="left" | O2 - Advanced Source Code Analysis Toolkit
''Dinis Cruz, Ounce Labs''
| style="width:30%; background:#99FF99" align="left" | -
|-
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || colspan="3" style="width:90%; background:#F2F2F2" align="center" | Panel: Queer Eye for the Security Guy
They call themselves the Fierce Four. They are black-box badass, a source code super hero, an architecture authority and someone we like to call the proctor of process. In the spirit of NBC's Emmy award-winning reality television series, our four security experts will bring their combined decades of experience to bear on a contributor to an open source project ([http://drupal.org/security Drupal]) that wants to get security right.

''Moderator: Jacob West - Panelists: Pravir Chandra, Roger Thornton and John Steven''
|-
| style="width:10%; background:#7B8ABD" | 19:00-? || colspan="3" style="width:80%; background:#C2C2C2" align="left" | OWASP Dinner at the [http://www.wawel.krakow.pl/en/index.php Wawel Royal Castle]
|-
! colspan="4" align="center" style="background:#4058A0; color:white" | Day 2 - May 14, 2009
|-
| style="width:10%; background:#7B8ABD" | || style="width:30%; background:#BC857A" | Track 1: Room 1
| style="width:30%; background:#BCA57A" | Track 2: Room 2
| style="width:30%; background:#99FF99" | Track 3: Room 3
|-
| style="width:10%; background:#7B8ABD" | 08:00-09:00 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Registration and Coffee
|-
| style="width:10%; background:#7B8ABD" | 09:00-09:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Fixing Internet Security by Hacking the Business Climate
''Bruce Schneier, Chief Security Technology Officer, BT''
|-
| style="width:10%; background:#7B8ABD" | 09:45-10:30|| colspan="3" style="width:80%; background:#F2F2F2" align="center" | OWASP Projects
''Dave Wichers, OWASP Foundation''
|-
| style="width:10%; background:#7B8ABD" | 10:30-10:45 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 10:45-11:25 || style="width:30%; background:#BC857A" align="left" | OWASP "Google Hacking" Project
''Christian Heinrich, OWASP "Google Hacking" Project Lead''
| style="width:30%; background:#BCA57A" align="left" | Leveraging agile to gain better secuity
''Erlend Oftedal, Bekk Consulting''
| style="width:30%; background:#99FF99" align="left" | Beyond security principles approximation in software architectures
''Bart De Win, Ascure''
|-
| style="width:10%; background:#7B8ABD" | 11:30-12:10 || style="width:30%; background:#BC857A" align="left" | OWASP Enterprise Security API (ESAPI) Project
''Dave Wichers, Aspect Security''
| style="width:30%; background:#BCA57A" align="left" | ''[http://w3af.sf.net/ w3af]'', A framework to 0wn the web
'''[http://www.linkedin.com/in/ariancho Andrés Riancho]'', ''[http://www.bonsai-sec.com/ Bonsai Information Security]'' ''
| style="width:30%; background:#99FF99" align="left" | Brain's hardwiring and its impact on software development and secure software
''Alexandru Bolboaca & Maria Diaconu, Mosaic Works''
|-
| style="width:10%; background:#7B8ABD" | 12:10-13:30 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Lunch - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 13:30-14:10 || style="width:30%; background:#BC857A" align="left" | OWASP ROI: Optimize Security Spending using OWASP
''Matt Tesauro, Texas Education Agency''
| style="width:30%; background:#BCA57A" align="left" | CSRF: the nightmare becomes reality?
''Lieven Desmet, University Leuven''
| style="width:30%; background:#99FF99" align="left" | The Bank in the Browser - Defending web infrastructures from banking malware
''Giorgio Fedon, Minded Security''
|-
| style="width:10%; background:#7B8ABD" | 14:15-14:45 || style="width:30%; background:#BC857A" align="left" | HTTP Parameter Pollution
''Luca Carettoni, Independent Researcher & Stefano Di Paola, MindedSecurity''
| style="width:30%; background:#BCA57A" align="left" | OWASP Source Code Flaws Top 10 Project
''Paolo Perego, Spike Reply''
| style="width:30%; background:#99FF99" align="left" | Advanced Code Review Techniques - How to Find Needles in the Haystack Efficiently
''Siddharth Anbalahan, Plynt & Jaideep Jha, Plynt''
|-
| style="width:10%; background:#7B8ABD" | 14:50-15:30 || style="width:30%; background:#BC857A" align="left" | Business Logic Attacks: Bots and Bats
''Eldad Chai, Imperva''
| style="width:30%; background:#BCA57A" align="left" | [http://michael-coates.blogspot.com/2009/05/application-worms-at-owasp-europe.html Real Time Defenses against Application Worms and Malicious Attackers], [http://www.linkedin.com/in/mcoates ''Michael Coates''], ''Aspect Security''
| style="width:30%; background:#99FF99" align="left" | -
|-
| style="width:10%; background:#7B8ABD" | 15:30-15:45 || colspan="3" style="width:80%; background:#C2C2C2" align="left" | Break - Expo - CTF
|-
| style="width:10%; background:#7B8ABD" | 15:45-16:25 || style="width:30%; background:#BC857A" align="left" | Factoring malware and organized crime in to Web application security
''Gunter Ollmann, Damballa''
| style="width:30%; background:#BCA57A" align="left" | Can an accessible web application be secure? Assessment issues for security testers, developers and auditors
''Colin Watson, Watson Hall Ltd''
| style="width:30%; background:#99FF99" align="left" | -
|-
| style="width:10%; background:#7B8ABD" | 16:30-17:30 || colspan="3" style="width:90%; background:#F2F2F2" align="center" | Panel discussion
''Moderator: tbd, Panelists: tbd''
|-
| style="width:10%; background:#7B8ABD" | 17:30-17:45 || colspan="3" style="width:80%; background:#F2F2F2" align="center" | Conference Wrap-Up & CTF Awards
''Dave Wichers, OWASP Foundation''
|-
|}

Venue: Park Inn Hotel, Krakow

Registration is available via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,887f27a2-13e0-47dc-9220-76ed22ab0546 CLICK HERE TO REGISTER]

====Location====
==Conference Location==
[[Image:AppSecEU09 Cracow.JPG]]

This year, the conference will be held at the Park Inn Hotel, in the center of [http://en.wikipedia.org/wiki/Krak%C3%B3w Kraków], Poland.

==Accommodations==
This year, the conference will be held at the Park Inn Hotel, in the center of [http://en.wikipedia.org/wiki/Krak%C3%B3w Kraków], Poland. 

[[Image:OWASP_EU_2009_LOCATION.jpg]]

Park Inn Hotel 
Ul. Monte Cassino 2 
30 - 337 Kraków ([http://maps.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=krakow+poland&sll=50.047811,19.92965&sspn=0.019704,0.043774&ie=UTF8&ll=50.069922,19.944992&spn=0.30454,0.700378&z=11&iwloc=addr Google Maps Link]) 
Poland 
tel: 0048 – 12 – 375 – 40 – 02 
fax : 0048 – 12 – 375 – 40 – 01 
e-mail: joanna.ploskonka <AT> rezidorparkinn.com 
For 11-12-14 May OWASP has negotiated special room rates:
* Single 110 EUR per room/per night
* Double 120 EUR per room/per night
The above rates include: Super Breakfast buffet, High-speed Internet access and Tax 
Be sure to use "OWASP" as reference.

==Transportation to the Conference==
===By plane===
Krakow can be reached by commercial aviation through the John Paul II International Airport Krakow-Balice. 21 airlines fly to and from Krakow including British Airways, Alitalia, Germanwings, LOT, Lufthansa and cheap airlines such as SkyEurope, Ryanair, easyJet and centralwings. If you are traveling from outside Europe, you might want to try https://travel.flights-to-europe.com

You can go from the airport to the city centre by:
*Train
:The train stop is located app. 200 m from the passenger terminal ( 5 minute walk)
:It will take you 20 minutes and cost 6 PLN (less than 2EU) to get to the Krakow Main Station
*Bus
:The 192 bus stop is located directly at the roundabout, in front of the passenger terminal. The trip to the Main Station takes app. 35 minutes. The ticket can be purchased at the ticket machine on the bus stop for 2,5 PLN (less than 1EU)
*Taxi
:There are always taxis waiting for the passengers in front of the airport. The average price for a ride to the city centre is 50 PLN (around 15EU)
Find out more on John Paul II International Airport Krakow-Balice [http://krakowairport.pl/strona_en.html web page].

===By train===
You can also travel to Krakow by train from main Polish cities such as Warsow, Wroclaw, Poznan, Gdansk and several cities in Europe. There is direct connection from Berlin, Wien, Prague etc. 
Search for your connection [http://rozklad.pkp.pl/bin/query.exe/en? here] (your destination is Krakow Glowny).
===How to get to the venue?===
tbd

====Registration====
==Registration and Conference Fees==

Registration is available via the OWASP Conference Cvent site: [http://guest.cvent.com/i.aspx?4W,M3,887f27a2-13e0-47dc-9220-76ed22ab0546 CLICK HERE TO REGISTER]

'''Be fast to register: we only accept 400 registrations for this event!'''

The conference fee for this conference is :
* Standard: 350 Euros, OWASP Members: 300 Euros, Students: 225 Euros. ('''+5% discount for registering by Apr-30''')
* If you also register for [http://2009.confidence.org.pl/ CONFidence Poland 2009] you get a 15% reduction.
Other fees are:
* Conference Dinner: 50 Euros
* Conference Tutorials: 910 Euros (2 days) - 455 Euros (1 day)

Note: To save on processing expenses, all fees paid for the OWASP conference are non-refundable. OWASP can accommodate transfers of registrations from one person to another, if such an adjustment becomes necessary.

== Affiliated Partners ==
We are glad to have the support of:

[[Image:Confidence 120x150.gif|link=http://2009.confidence.org.pl/]]

In cooperation with:

[http://www.enisa.europa.eu/ http://www.owasp.org/images/0/05/Enisa.jpg]

Media Sponsor:

[[Image:Hnsweb-no-url.jpg|200px|link=http://www.net-security.org]]

==Conference Sponsors==

The following organizations are sponsors for this conference. If you are interested in sponsoring an OWASP conference, please contact OWASP at: conferences 'at' owasp.org.

[http://www.fortify.com https://www.owasp.org/images/a/ac/Fortify.jpg]

More information about conference sponsorship is available [https://www.owasp.org/images/b/b0/AppSecEU09_Sponsorship.pdf online].

[[Category:OWASP AppSec Conference]]

<paypal>AppSec EU Sponsorship</paypal>
'''If you are registering as a Sponsor, use the following link: [http://guest.cvent.com/i.aspx?4W,M3,a99f854a-a4db-4886-8bdf-ecb21cb62036 Sponsor Registration]'''

<headertabs/>

==Conference Committee==

OWASP Conferences Chair: Dave Wichers - Aspect Security - dave.wichers 'at' owasp.org

2009 EU Planning Committee Chair: Sebastien Deleersnyder - Telindus - seba 'at' owasp.org

2009 EU Program Committee:
* Sebastien Deleersnyder - seba 'at' owasp.org
* Mano Paul - mano.paul 'at' owasp.org
* Fabio Cerullo - fcerullo 'at' gmail.com
* Kuai Hinojosa - kuai.hinojosa 'at' owasp.org
* Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl

Poland Chapter Host: Andrzej Targosz - OWASP Poland - andrzej.targosz 'at' proidea.org.pl

Capture the Flag Chair: Andrzej Targosz - andrzej.targosz 'at' proidea.org.pl

OWASP AppSec Europe 2009 - Poland tabs - Revision history

Sdeleersnyder: New page: __NOTOC__ {|style="width:100%" |style="width:56%;color:#000"| {|style="width:280px;border:solid 0px;background:none" |- |style="width:468px;color:#000" | [[Image:Poland09...

Sdeleersnyder: New page: NOTOC {|style="width:100%" |style="width:56%;color:#000"| {|style="width:280px;border:solid 0px;background:none" |- |style="width:468px;color:#000" | [[Image:Poland09...